DATA SHEET

CA Access Gateway
At a Glance
The CA Access Gateway (formerly CA SiteMinder Secure Proxy Server) is a high-performance proxy gateway that provides
an optional deployment model in the CA Single Sign-On (CA SSO) family for securely enabling online business and
single sign-on.

Key Benefits/Results Business challenges

Many IT administrators face restrictions about where external-facing Web servers may be
• Centralized security to block unauthorized
located in their networks. These include not placing a website in an Internet-facing DMZ, or
user and high network topology
only ensuring that authenticated traffic is allowed to enter the organization. This reduces
• Alternate methods of session management to
the administrator’s flexibility and may delay their ability to quickly deploy new
offer flexibility in supporting mobile devices
applications. Additionally, IT administrators are continuously asked to provide more
• Policy driven redirection so users in one group
are proxied to one Web server and other users services with lower budgets.
are proxied to a different Web server CA Access Gateway gives IT administrators the architectural flexibility they need while
• Reduced cost of ownership because delivering CA SSO Web Agent and CA Federation capabilities in a simple to deploy
single sign-on and federated identity are proxy server.
aggregated in one component
Mobile platforms and applications create additional challenges for the IT admin to manage
Key Features CA SSO sessions. CA Access Gateway provides administrators additional tools for managing
users’ sessions across this growing segment of end-user devices.
• Single Sign-on (SSO). The embedded
CA SSO Web Agent enables SSO across
an enterprise. Solution overview
• Multiple session schemes. CA Access CA Access Gateway gives you the ability to securely connect to Web servers and
Gateway supports multiple session applications in a centralized manner that does not require distributed agents.
schemes based on SSL ID, mini-cookies,
device IDs for mobile devices, URL CA Access Gateway is also ideal for companies that need additional session management
rewriting, IP addresses, and schemes from flexibility, including the ability to transparently route users, support additional user agents,
the Session Scheme API. or seamlessly integrate with the existing enterprise infrastructure. It provides access
• Mobile device coverage. Cookie-less control, single sign-on, and entitlement management while serving as a secure gateway
session schemes and CA Access Gateway to a company’s backend servers.
in-memory session storage provide a
solution that extends to include mobile Access to the entire enterprise can be managed through a single enforcement point, and
devices. the internal network topology is opaque to external users. CA Access Gateway can provide
• Intelligent proxy rules. Allow SSO both as a standalone component and in conjunction with CA SSO Web Agents and
configuration of different paths for fulfilling supports multiple session schemes and the proxy rules control the flow of requests to
client requests based on characteristics
such as the requested virtual host, destination servers.
URI string, or HTTP cookie content.
• Access control for HTTP and HTTPS
requests. CA Access Gateway enables
flow control of HTTP and HTTPS requests
to and from destination servers using an
embedded CA SSO Web Agent.
CA ACCESS GATEWAY
CA SiteMinder WAM Deployment Options

Critical differentiators
1. Centralized Access
Centralized Access Control
Control with CAwith SPS
Access Gateway
CA Access Gateway versus a traditional
§ Includes mobile device support via cookie-less sessions

reverse proxy configuration:

• Certificate authentication from the

All HTTP/ DMZ
proxy to the backend Web server HTTPS
Traffic
prevents anyone from going “around” CA Access
Gateway
the proxy by requiring certificate
authentication from the proxy to the
Agent
Web server Destination
Servers
• Built-in identity federation; no need to
use additional J2EE servers
• Session linker support for ERP systems Server.conf

• Ability to run multiple instances of

Gateway Access
CA Access Gateway on a single server; Proxy_rules.xml
Policy Server
reduces hardware costs Firewall Firewall

• Alternative session schemes; minicookie, How it Works

1. A user’s request is received by the SiteMinder Secure Proxy Server (SPS).
ssl_id, IP Address, simple URL rewriting, 2. SPS determines the session scheme to be used based on the virtual host requested and device type
API for custom solutions defined in the server.conf file.
3. The embedded SiteMinder Agent performs the necessary authentication and authorization process.
• Intelligent proxy rules; ability to The CA Technologies advantage solution
4. Proxy rules, defined in the proxy_rules.xml file, are toSPS
used by meet their specific
to determine how toneeds.
handle The
requests.
5. Based on the applicable proxy rule, SPS constructs a new request and forwards it to the
CA Technologies comprehensive portfolio backend server.
of
forward traffic based on user attributes, CA SSO offers
6. SPS gets the best ofback
a response both worlds
from in
the backend server.
7. An appropriate response is constructed and sentmodular ITuser.
back to the management solutions helps you
device type Web Access Management. CA Access Gateway
unify IT and simplify the management of
• Hosts password services templates 7 isSiteMinder
CA a reverse proxy
Secure solution
Proxy Server that provides
Copyright © 2009 CA
today’s complex computing environments
• Fully supported by CA Technologies centralized control from the DMZ. CA SSO
across the enterprise—and get greater
Web Agents offer distributed enforcement
business results.
Related products/solutions points for de-centralized organizations that
CA Access Gateway for Citrix Netscaler want to capitalize on the organizational and
SDX TM. Integration into the Netscaler architectural advantages of this approach.
administration panel facilities administration The ultimate flexibility is provided in a
and management helps lower TCO while hybrid model that allows one organization
leveraging the performance enhancements of to take advantage of the best of both worlds
the Netscaler environment. by deploying a combined agent/reverse proxy

For more information, please visit ca.com/single-sign-on

CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables them to seize the opportunities
of the application economy. Software is at the heart of every business, in every industry. From planning to development to
management and security, CA is working with companies worldwide to change the way we live, transact and communicate – across
mobile, private and public cloud, distributed and mainframe environments. Learn more at ca.com.

Copyright © 2014 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. CA assumes no
responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document “as is” without warranty of any kind, including, without limitation, any implied
warranties of merchantability, fitness for a particular purpose, or noninfringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost
profits, business interruption, goodwill or lost data, even if CA is expressly advised in advance of the possibility of such damages. CS200–91928–0914